I just had occasion to go over some firewall and server logs for my SVN server, and I decided to gather some interesting stats from the logs...
In 2 months, 11,319 unauthorized attempts were made to connect to port 443 by 6,032 unique IP addresses. Not one of the bastards got in.
It's a private/unpublished address without a DNS entry.
It's almost hard to imagine that over 6,000 systems / people worldwide are bent to the overt task of discovering what's out there and attempting to access a random unpublished IP address. Probably more - that's just a small recent sample.
-Noel
Author of the "How to Configure the 'To Work' Options" series of Windows books. Not feeling enough love to do one for Windows 10.
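The numbers above came from going through firewall logs by hand. Below is an added example (not code from the post or from Noel) of how the same two figures, total rejected attempts to a port and unique source addresses, are pulled out of a log, plus a /24 roll-up that shows when a "scanner" is really one operator with a block of addresses. The log format is an assumption (Linux netfilter LOG lines with a DROP/ACCEPT log prefix); the post never says which firewall it was. The sample lines are constructed, using TEST-NET addresses.

```python
import re
from collections import Counter

# Assumed log shape: Linux netfilter LOG lines such as iptables -j LOG --log-prefix "DROP " writes.
# The post does not say which firewall produced its logs, so this format is an assumption.
LOG_RE = re.compile(
    r"SRC=(?P<src>[0-9.]+)\s+DST=(?P<dst>[0-9.]+).*?"
    r"PROTO=(?P<proto>\w+)\s+SPT=\d+\s+DPT=(?P<dpt>\d+)"
)

# Constructed sample lines (TEST-NET addresses); not taken from the post.
SAMPLE_LOG = """\
Oct 20 03:14:07 gw kernel: DROP IN=eth0 OUT= SRC=203.0.113.5 DST=198.51.100.10 LEN=60 PROTO=TCP SPT=51234 DPT=443 SYN
Oct 20 03:14:09 gw kernel: DROP IN=eth0 OUT= SRC=203.0.113.5 DST=198.51.100.10 LEN=60 PROTO=TCP SPT=51235 DPT=443 SYN
Oct 20 03:20:41 gw kernel: DROP IN=eth0 OUT= SRC=198.51.100.77 DST=198.51.100.10 LEN=60 PROTO=TCP SPT=40001 DPT=443 SYN
Oct 20 04:02:13 gw kernel: DROP IN=eth0 OUT= SRC=192.0.2.33 DST=198.51.100.10 LEN=60 PROTO=TCP SPT=60000 DPT=22 SYN
Oct 20 04:05:00 gw kernel: DROP IN=eth0 OUT= SRC=192.0.2.33 DST=198.51.100.10 LEN=60 PROTO=TCP SPT=60001 DPT=443 SYN
Oct 20 04:07:22 gw kernel: DROP IN=eth0 OUT= SRC=203.0.113.9 DST=198.51.100.10 LEN=48 PROTO=UDP SPT=5353 DPT=443
Oct 20 04:09:58 gw kernel: ACCEPT IN=eth0 OUT= SRC=203.0.113.200 DST=198.51.100.10 LEN=60 PROTO=TCP SPT=44444 DPT=443 SYN
"""


def summarize_port(lines, port=443, proto="TCP", verdict="DROP"):
    """Count rejected connection attempts to `port`, per source address.

    Returns the attempt count, the number of unique sources, the busiest
    sources and the busiest /24 networks (one scanner often owns a block).
    Accepted connections (the whitelisted engineers) are not attempts.
    """
    per_src = Counter()
    for line in lines:
        if f" {verdict} " not in line:          # only the firewall's rejects count
            continue
        m = LOG_RE.search(line)
        if not m or m["proto"] != proto or int(m["dpt"]) != port:
            continue
        per_src[m["src"]] += 1
    per_net = Counter()
    for src, n in per_src.items():
        per_net[src.rsplit(".", 1)[0] + ".0/24"] += n
    return {
        "attempts": sum(per_src.values()),
        "unique_sources": len(per_src),
        "top_sources": per_src.most_common(5),
        "top_networks": per_net.most_common(5),
    }


if __name__ == "__main__":
    # For a real log: summarize_port(open("/var/log/kern.log"))
    for key, value in summarize_port(SAMPLE_LOG.splitlines()).items():
        print(f"{key}: {value}")
```

On the constructed sample the UDP probe, the port-22 probe and the accepted connection are all excluded, leaving four rejected attempts from three sources.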
Yeah, I'm running a public HTTP server here, and it receives anywhere from 10–100 hacking attempts a day. All of them appear to be automated, drive-by attacks (seeing that the "Host:" field is my IP, not a DNS name), seeking to gain admin access to various web platforms, or use my server as a proxy for (presumably) illicit activity. If there is a place to report them live, I'd love to know about it. Anyway, they will need all the luck they can get because I wrote the server software myself and it looks for every excuse not to serve anything, quickly blacklisting IPs that do anything wrong.
I did some identification of a few of the addresses, and they're from all over the world, not just China.
Since it's a private server just for my engineers, I don't serve anyone who's not specifically whitelisted. No one needs access from a variable IP address at this point.
That Norse map is cute.
-Noel
Port 443 is the https port, so it might have been scanners looking for web pages, but most likely mis-configured web servers that support the 'CONNECT' command (i.e. an open proxy). As an example, many IRC servers will scan for this [and will tell you in the MOTD]. They automatically ban ANY IP address with an open proxy on it for the obvious reasons.
There's this really cool set of scripts called 'fail2ban' that are designed to work in the UNIX/Linux world. When configured properly [and it DOES take a little work to set it up] they automatically look for attempts to, let's say, log into your ssh server. 3 failed logins and the IP address gets a ban for an hour, and you get an e-mail with the information. I get 10 to 20 such e-mails a day sent to a specific e-mail address. Every once in a while I'll report one, especially if it keeps showing up.
Now, a mis-configured ssh server is definitely a security risk. 2 things you should never do: a) allow root login via ssh, and b) use a well known name for ANY user name that CAN log in remotely via ssh. [for IPv6 I deny all connections on any non-server boxen, for now, to make it easier, so I can log in as whoever I want from the LAN]. In my case, the server only allows a very SMALL number of very NON-privileged users to log in, and the names aren't obvious, and the passwords are relatively LONG. But it _does_ allow me to log in remotely, and I have, on multiple occasions. I even set up a remote X11 tunnel thingy so I could run GUI applications. OK slow, but effective.
FYI - on FreeBSD, you can 'su' to root just fine. But if your user is NOT a member of group 0 ('wheel' on BSD) then you cannot su directly to root. So first you must su to a user that's in the 'wheel' group, and THEN you can 'su' to root. It's now a 2-step process. It's a bit MORE security than on Linux.
Also on FreeBSD you can set up what's known as a 'jail', with limited hardware access, and a different security context. If your ssh port is forwarded to the jail, you could THEN [from the jail] ssh into the REAL box. Discovering the root password of the jail would be laughably ineffective, also. So that would be 3 layers of security to get through for root access - ssh to main box, log into non-priv user, su to 'wheel' user, then root. That's AFTER gaining ssh access to the jail.
Anyway, those scanners are out there, pounding away on EVERY IP address, and it's like an informal botnet, as machines are taken over, when they begin their own scans.
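The two ssh rules in the post above (no root login over ssh, no well-known user names allowed in) are easy to state and easy to let drift in a config file. The following is an added example, not bob's code or anything from fail2ban or OpenSSH, of a small audit that reads an sshd_config and reports where those rules are broken. It assumes a plain sshd_config with no Match blocks, applies sshd's first-occurrence-wins rule for duplicate keywords, and uses an assumed list of "obvious" names; the two config fragments are constructed for the example.

```python
# Constructed sshd_config fragments; not taken from the post.
WEAK_CONFIG = """\
# sshd_config as it ships on many boxes
Port 22
PermitRootLogin yes
PasswordAuthentication yes
"""

HARDENED_CONFIG = """\
Port 22
# never let root authenticate remotely
PermitRootLogin no
# a small set of non-privileged users with non-obvious names
AllowUsers k7q-ops m4rvin
"""

# Names every brute-forcer tries first; the list itself is an assumption.
OBVIOUS_NAMES = {"root", "admin", "administrator", "user", "test", "guest",
                 "ubuntu", "pi", "oracle", "postgres"}


def parse_sshd_config(text):
    """Return {keyword: [values]} for the effective directives.

    sshd honours the first occurrence of a keyword, so later duplicates are
    ignored here too. Match blocks are not modelled (assumption: none present).
    """
    conf = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.replace("=", " ", 1).split(None, 1)   # "Key value" or "Key=value"
        if len(parts) == 2:
            conf.setdefault(parts[0].lower(), parts[1].split())
    return conf


def audit_sshd_config(text):
    """Return a list of findings; an empty list means both rules from the post hold."""
    conf = parse_sshd_config(text)
    findings = []

    root = conf.get("permitrootlogin")
    if root is None:
        findings.append("PermitRootLogin not set: the default depends on the OpenSSH "
                        "version, set it to 'no' explicitly")
    elif root[0].lower() != "no":
        findings.append(f"PermitRootLogin {root[0]}: root can be brute-forced directly")

    allowed = conf.get("allowusers")
    if allowed is None and "allowgroups" not in conf:
        findings.append("no AllowUsers/AllowGroups: every local account may try to log in")
    for entry in allowed or []:
        name = entry.split("@", 1)[0].lower()     # AllowUsers accepts user@host patterns
        if name in OBVIOUS_NAMES:
            findings.append(f"AllowUsers permits the well-known name '{name}'")
    return findings


if __name__ == "__main__":
    # Real use: audit_sshd_config(open("/etc/ssh/sshd_config").read())
    for label, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(label, audit_sshd_config(cfg) or "OK")
```

Run against the weak fragment it reports both the root login and the missing allow list; against the hardened one it reports nothing.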
What I like to do is put fake directories in my web space for the things they're looking for, and basically use them as a kind of honeypot. Try THIS for example: bigbadbob.name/phpmyadmin/ - every one of those directories is a symlink to "that page". So as they troll me, I troll 'em back. And of course, there are LOGS. If I bother looking.
Post by big bad bombastic bob on Oct 22, 2015 14:51:31 GMT -6
Since it's outside the statute of limitations now, during the 'code red' thing I had a honeypot running to try and detect a code red infection attempt. When it was detected, it would connect BACK to that computer, and [using the 'code red' back door] put a document on the administrator desktop, or whoever was logged in, something like "dumbass.txt", OPEN IT, and then DISABLE the web server (so it would stop infecting things). The document said what I did and why.
That's a classic 'grey hat' maneuver - do a public service by catching the infected box 'in the act', then cracking back into it, and disabling the thing. Automatically.
Most of those code red machines were NT4 and W2k machines with misconfigured web servers, unpatched, and left on a public IP address. The owners may not have even known there was a web server on it. After getting "dumbass.txt" I'm sure they DID.
The F*** Bomb. I love it! Yep, that's one of the frequently accessed URLs. I just let it 404 on my server. After a couple of those, they're blacklisted for a couple minutes. Any attempt to connect to the server while blacklisted increases the blacklist time exponentially with each attempt. And then I have a keywords option that puts them in the blacklist instantly without any notification.
Microsoft, is Windows 10 the best you could do? Really? After promising to listen to our feedback, what a letdown!
Post by Bayer A.User on Oct 24, 2015 9:11:04 GMT -6
Only in 10 would we get notifications from people we don't know via apps we don't have installed. Maybe wifi sense wants to share your home network with this broad.
Post by Locutus deBorg on Oct 24, 2015 19:00:45 GMT -6
MS recently updated outhouse.com; it fails to open at all in 3.6.28 but still parses the logon over to the MS Forum if I do the login page and then click my bookmark to the MS Forum.
If I open outhouse.com in the newest Pale Moon x64 it's full of trash and junk including some sort of Skype plug-in.
Not opening it with that again.
I find the lack of configuration options disturbing !
I felt a great disturbance in the force.. as if millions of win 7 systems suddenly cried out in terror.
When I visit outhouse.com it redirects to yeah.com which redirects to an OpenDNS content filtering block page. It states that the reason for the block is Adware.
You didn't actually go to "outhouse.com" did you?
In these parts everything Outlook is "outhouse" because of all the crap MS includes.
And I would want to use a web-based eMail service... Why?
Same question for small screen computing device, cloud...
I'm pretty geeky, but I find the goods actually have to be delivered for me to desire the tech. Perhaps I used up all my "gee whiz" factor back in the 1970s with 8 bit computers. At least back then people worked to improve the things that didn't work very well (remember loading Basic programs from cassette tape?)
Fair enough, but to keep your personal correspondence on someone's server somewhere? Not a chance.
I prefer to control my data, and I manage it so that it is not "extraneous junk" but valuable information to me.
Choosing to provision a limited amount of high performance storage just seems penny wise and pound foolish. Storage space is cheaper - even solid state - than at any time in history. My preferred approach is to spend enough for a serious amount, then enjoy using an ultra-responsive system long-term.
Right now I have 1 TB free on my 2 TB C: array of SSDs, and 262 GB free on my 1 TB V: array of SSDs for virtual machines.
But hey, give your critical data to the cloud companies. Trust them - they'll keep it safe and never, ever look in it.
-Noel
Post by Locutus deBorg on Oct 25, 2015 10:09:39 GMT -6
No personal correspondence happens through email. See, I'm not all that outward facing: no faceboot, no myspace, no twatter, no tumblr, etc. The most that ever happens is in the work mail, which is stored on an internal Exchange server, and even then it's basically business-type emails. Plus we are told by the IT dept. to keep only the previous emails necessary.
All my GMail, Yahoo, outhouse, web mail accounts have no personal correspondence; I use these account types for forum etc. signups. Another reason to not have them coming to my system: can't trace it back to anything about me. Ya, Locutus deBorg is not my name.
And with Firefox / Pale Moon set up to clear everything on exit and CPD from the menu item, only a full forensics analysis of the HDD would reveal any recent logon info.
Post by big bad bombastic bob on Oct 25, 2015 15:15:43 GMT -6
I have a 'linkedin' page but I only access it with a different browser, so I don't get tracked EVERYWHERE by (one time) accepting their damned cookies and scripting. Then I dump cookies and cache. But it doesn't have a lot of value, so I might delete it.
The others - facebitch, twatter, who needs them when you own your own domains?
In 2 months, 11,319 unauthorized attempts were made to connect to port 443 by 6,032 unique IP addresses? Sounds like a malicious attack from the wrong part of the Internet...... Be sure to file a report to your authorities....
I still run XP, XP x64, Vista, Vista x64 and I have no tries at all to connect from/to my computers. With Windows 7 and Windows 7 x64, I never installed Microsoft spyware or any other crap never needed in Windows 7/7 x64. I also killed ALL update possibilities. Why? I don't have to sit and read every damn F****** update. As a music producer and digital art creator, no way I read every damn update. But if I get infected I will sue Microsoft! It is their ridiculous updates that made me decide to stop updating.
<Rick> Good video. It's almost hard to believe that at one time Windows 98 was the resource hog, but even then, it still ran circles around what Windows 10 can do on today's modern hardware and looked a heck of a lot better doing it.
May 25, 2021 22:55:12 GMT -6
<Rick> As stated elsewhere, So much for the launch of Windows 11, "The Great Crash." Myself, I had a hard time getting into the site listed above, when I did get in, the video was partly done and then it crashed. There has been many other reports of crashing.
Jun 24, 2021 9:52:33 GMT -6
<Rick> I see Microsoft has been very quick to pull down reports of site crashing regarding the Launch of Windows 11 on the Microsoft Insiders forum.
Jun 24, 2021 9:57:31 GMT -6
<Rick> The rebroadcast is working okay.
Jun 24, 2021 11:00:25 GMT -6
<Rick> With reports of people being able to install the dev-edition of Windows 11 on machines not meeting spec, I thought I would give it a what-the-heck try. Lucky me, I'm caught in the downloading, doesn't meet spec, clearing, re-downloading loop on my machine!
Jul 2, 2021 7:08:46 GMT -6
<Rick> I've recently purchased a license for ArcaOS from www.arcanoae.com/ to play with. First impressions, it's still OS/2, but it now has a Linux twist to it.
Jul 2, 2021 7:32:53 GMT -6
<dozrguy> laptop shit out and am stuck buying a new one. os win11 as fucked as win10 was?
Oct 2, 2021 12:56:10 GMT -6
<Rick> Let's see ..., my impression of Windows 11 is that it is a spruced up version of Windows 10 requiring a 64-bit processor plus a piece of security hardware that is less than 4 years old in order for it to run.
Oct 4, 2021 18:25:49 GMT -6
<Rick> On the plus side, Microsoft is supposed to be supporting Windows 10 for some time to come for those of us still using systems with I7 or older processors.
Oct 4, 2021 18:44:35 GMT -6
<dozrguy> I tried installing win10 on the 'shitout' pc this morning using media creation. EPIC FAIL! Went into an endless bootloop. Win7 reinstalled just fine.
Oct 21, 2021 11:23:38 GMT -6
<dozrguy> STILL so much bullshit and so little time for the kiddie ideas from the hill. My new laptop (MSI GE 11-UH461) would be an awesome "10" machine but because of Winblows I can only give it a "2"......wasted $3500
Oct 27, 2021 9:36:47 GMT -6
<Rick> Hello. Just checking in.
Mar 17, 2022 10:46:54 GMT -6
<isidroco> Each new w10 update adds >100000 useless files to \Windows\Servicing\LCU\Package_for_RollupFix... folders. Even on an SSD it takes time to delete that stuff. In each version they manage to worsen stuff.
Mar 27, 2022 16:14:51 GMT -6
<dozerguy> still traffic here?
Oct 9, 2022 17:32:44 GMT -6
<Rick> No, there does not seem to be very much traffic these days. I still check in from time to time.
Oct 9, 2022 20:08:58 GMT -6